[Full-disclosure] plz suggest security for DLL functions
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Jul 1 21:38:39 BST 2005
On Fri, 01 Jul 2005 14:37:18 EDT, Tim said:
> > Give them a DLL that just tosses an RPC call to a secured server that you
> > manage.
>
> And how would your server differentiate between a "good" RPC call and a
> "bad" one?
Well - you *do* have some idea of what sort of abuse you're trying to stop, right?
If they're not allowed to call it more than X times/hour, rate limit your RPC
server. Or apply whatever other checks you want to.
At least you (hopefully) don't have to worry about the user running your
server under a debugging tool to reverse engineer it. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050701/c14e39da/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.